Access control to SAM / _samr_query_sec_obj

Kai Krueger kai at kruegernetz.de
Thu Jun 6 15:44:02 GMT 2002


----- Original Message ----- 
From: "Andrew Bartlett" <abartlet at pcug.org.au>
Sent: Thursday, June 06, 2002 1:01 PM


> > As the SDs contained numerical constants as well, that part is included as well, so it is a patch
> > against a fresh samba HEAD cvs from 31.5.02
> 
> Firstly, can you update for current CVS?  (I suspect there will be
> conficts, I made some changes for better NTSTATUS returns recently).

Yup, I can try and update it to current CVS, as long as that doesn't change to often ;-)
I'll hopefully be able to do it soon. Should I send the next version of the patch via list again,
or are there concerns about too many "big" mails?

> Secondly, I have some further style nit-picks:
>  - We can't use \\ as a comment in Samba, as many C compilers don't
> understand it.

That shouldn't be a problem to change.

>  - Please use 8-space tabs.  Samba mainly uses the 'linux' coding style
> - which you can
>    set in emacs.  Also make 'if(' -> 'if ('.

Neither should that. If I find any 'if(' that were there before, should I change them as well?


> On the patch itself, it looks pretty good.  In the longer term, I plan
> to move the access contols into the passdb - they will take an extra
> paramater of 'access_granted'.  This will allow us to have a consistant
> policy across all access methods (SAMR, RAP, etc) as well as removing
> the really weird way the passdb requires become_root() stuff atm.

Is that supposed to be a addition or a replacement to the checks done in this patch? 


> Andrew Bartlett
> 
> -- 
> Andrew Bartlett                                 abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
> Student Network Administrator, Hawker College   abartlet at hawkerc.net
> http://samba.org     http://build.samba.org     http://hawkerc.net
>

Kai


More information about the samba-technical mailing list